Collaborate Disseminate
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. Abo… Continue reading Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one b… Continue reading Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither o… Continue reading Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in… Continue reading Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately … Continue reading Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 CVE-numbered vulnerabilities have been fixed in total, none of which have been… Continue reading Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
May 2024 Patch Tuesday was unusual because we had security updates from Adobe, Apple, Google, Mozilla, and Microsoft on the same day. While individually from each vendor, the updates weren’t that large, managing them together was more challenging. On t… Continue reading June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulne… Continue reading Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execu… Continue reading 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely-popular distributed versio… Continue reading Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)